Policy as code is the idea of writing code in a high-level language to
manage and automate policies. By representing policies as code in text files,
proven software development best practices can be adopted such as version
control, automated testing, and automated deployment.

Many existing policy or ACL systems do not practice policy as code. Many
policies are set by clicking in a GUI, which is neither easily repeatable nor
versionable. They usually don't provide any system for testing policies
other than attempting an action that would violate the policy, which makes
automated testing difficult. And the policy language itself varies by
product.

Sentinel is built around this idea and provides all the benefits of policy as code.

Sandboxing. Policies provide the guardrails for other automated systems.
As the number of automated systems grows, there is also a growing need to
protect those automated systems from performing dangerous actions. Manual
verification is too slow; policies need to be represented as code to
keep up with other automated systems.

Codification. By representing policy logic as code, the information
and logic about a policy are directly represented in code and can be augmented
with comments rather than relying on oral tradition to learn about the
reason for policies.

Version Control. Policies are encouraged to be stored as simple text
files managed by a version control system. This lets you gain all the
benefits of a modern VCS such as history, diffs, pull requests, and more.

Testing. Policies are just code. Their syntax and behavior can be
easily validated with Sentinel. This also encourages
automated testing, such as through a CI system. Paired with a VCS, this
allows a pull request workflow to verify that a policy keeps the system
behaving as expected before merging.

Automation. With all policies as code in simple text files, various
automation tools can be used. For example, it is trivial to create tools
to automatically deploy the policies into a system.

Language. All Sentinel policies are written using the
Sentinel language. This language is
made to be entered directly into text files. As an additional benefit,
all Sentinel-enabled applications share the same policy language.

Development. Sentinel provides a CLI
for development and testing. This local CLI can be used to verify policies
before deploying them to a system.

Testing. Sentinel provides a test framework
designed specifically for automation. This allows developers and CI systems
to further verify policies.